From cff66059c36f1f629825cd2cc763e1b8b40cd18a Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Tue, 17 Dec 2024 22:57:36 +0100
Subject: [PATCH] chore(turris-os): baikal container example with ssl

---
 knowledge base/baikal.md    | 20 +++++++++++++++++++-
 knowledge base/turris os.md | 22 ++++++++++++++++++----
 snippets/openssl.sh         |  2 +-
 3 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/knowledge base/baikal.md b/knowledge base/baikal.md
index e354e39..320a88b 100644
--- a/knowledge base/baikal.md	
+++ b/knowledge base/baikal.md	
@@ -1,6 +1,8 @@
-# Baikal
+# Baïkal
 
 1. [TL;DR](#tldr)
+1. [Troubleshooting](#troubleshooting)
+   1. [`Error: Class 'DOMDocument' not found in /mnt/are/www/dav/vendor/sabre/dav/lib/DAV/Server.php:256`](#error-class-domdocument-not-found-in-mntarewwwdavvendorsabredavlibdavserverphp256)
 1. [Further readings](#further-readings)
    1. [Sources](#sources)
 
@@ -26,6 +28,17 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx'
 
 </details>
 
+## Troubleshooting
+
+### `Error: Class 'DOMDocument' not found in /mnt/are/www/dav/vendor/sabre/dav/lib/DAV/Server.php:256`
+
+Refer [Baikal PHP Error], then [Baïkal dependencies].
+
+Ensure the following are available:
+
+- PHP's XML module (`php-xml` in [APT]).
+- PHP's MBSTRING module (`php-mbstring` in [APT]).
+
 ## Further readings
 
 - [Website]
@@ -35,6 +48,8 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx'
 ### Sources
 
 - [ckulka/baikal-docker]
+- [Baikal PHP Error]
+- [Baïkal dependencies]
 
 <!--
   Reference
@@ -43,10 +58,13 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx'
 
 <!-- In-article sections -->
 <!-- Knowledge base -->
+[apt]: apt.md
 [self-hosting]: self-hosting.md
 
 <!-- Files -->
 <!-- Upstream -->
+[baïkal dependencies]: https://github.com/sabre-io/Baikal/wiki/Ba%C3%AFkal-dependencies
+[baikal php error]: https://github.com/sabre-io/Baikal/issues/701
 [github]: https://github.com/sabre-io/Baikal
 [website]: https://sabre.io/baikal/
 
diff --git a/knowledge base/turris os.md b/knowledge base/turris os.md
index a73158f..fd5f2d7 100644
--- a/knowledge base/turris os.md	
+++ b/knowledge base/turris os.md	
@@ -289,7 +289,7 @@ config container
 > lxc-create -n 'baikal' -t 'download' -- -d 'Debian' -r 'Bookworm' -a 'armv7l'
 > ```
 
-Refer <https://sabre.io/baikal/install/>.
+Refer [baikal] and <https://sabre.io/baikal/install/>.
 
 ```sh
 # Set the correct hostname.
@@ -299,15 +299,18 @@ sed -i 's/LXC_NAME/baikal/' '/etc/hosts'
 # Install baikal.
 # Also install `unattended-upgrades` to ease updates management.
 DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes --no-install-recommends \
-  'apache2' 'ca-certificates' 'curl' 'php' 'php-sqlite3' 'unattended-upgrades' 'unzip'
+  'apache2' 'ca-certificates' 'curl' 'php' 'php-sqlite3' 'php-sabre-dav' 'unattended-upgrades' 'unzip'
 a2dismod 'mpm_event'
-a2enmod 'rewrite' 'php*'
+a2enmod 'rewrite' 'php*' 'ssl'
 systemctl restart 'apache2'
+openssl req -nodes \
+  -newkey 'rsa:4096' -keyout '/etc/ssl/private/baikal.key' -out '/etc/ssl/private/baikal.crt' -x509 -days '365' \
+  -subj '/C=NL/ST=North Holland/L=Amsterdam/O=Example Org/OU=Infra/CN=baikal.lan'
 curl -fsL -o '/var/www/baikal.zip' 'https://github.com/sabre-io/Baikal/releases/download/0.10.1/baikal-0.10.1.zip'
 unzip -ud '/var/www/' '/var/www/baikal.zip' && rm '/var/www/baikal.zip'
 chown -R 'www-data:www-data' '/var/www/baikal/Specific' '/var/www/baikal/config'
 cat <<EOF > '/etc/apache2/sites-enabled/010-baikal.conf'
-<VirtualHost *:80>
+<VirtualHost *:443>
 
     DocumentRoot /var/www/baikal/html
     ServerName baikal.lan
@@ -334,10 +337,20 @@ cat <<EOF > '/etc/apache2/sites-enabled/010-baikal.conf'
         ExpiresActive Off
     </IfModule>
 
+    SSLEngine on
+    SSLCertificateFile    /etc/ssl/private/baikal.crt
+    SSLCertificateKeyFile /etc/ssl/private/baikal.key
+
 </VirtualHost>
 EOF
 ```
 
+Testing (after installing and creating a user):
+
+```sh
+curl -svvvko - --digest --user 'mark@baikal.lan:123p' https://baikal.lan/dav.php/calendars/mark@baikal.lan/default/
+```
+
 </details>
 
 <details>
@@ -661,6 +674,7 @@ All the references in the [further readings] section, plus the following:
 [further readings]: #further-readings
 
 <!-- Knowledge base -->
+[baikal]: baikal.md
 [lxc]: lxc.md
 [openwrt]: openwrt.md
 [opkg]: opkg.md
diff --git a/snippets/openssl.sh b/snippets/openssl.sh
index 598c373..4fb4117 100644
--- a/snippets/openssl.sh
+++ b/snippets/openssl.sh
@@ -94,7 +94,7 @@ openssl req -in 'request.csr' -verify -text -noout  # prints the data given in i
 # Create self-signed certificates with their new private key from scratch
 openssl req -nodes -newkey 'rsa:2048' -keyout 'private.key' -out 'certificate.crt' -x509 -days '365'
 openssl req -newkey 'rsa:4096' -keyout 'private.key' -out 'certificate.pem' -x509 -days '365' -sha256 \
-	-subj '/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.company.com'
+	-subj '/C=US/ST=Oregon/L=Portland/O=Example Org/OU=R&D/CN=www.example.org'
 
 # Create self-signed certificates using existing CSRs and private keys
 openssl x509 -req -in 'request.csr' -signkey 'private.key' -out 'certificate.crt' -days '365'